Bitcoin Forum
November 15, 2024, 12:28:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Risk of anyone-can-take output
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Risk of anyone-can-take output  (Read 779 times)
jl2012 (OP)
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
July 21, 2013, 04:46:16 PM
 #1
Currently, newly generated coins require 100 confirmations before it could be spent, since reward for orphaned blocks will never come back (if Gavin does not bail them out: https://bitcointalk.org/index.php?topic=156641.0  Grin ). However, any transactions relaying on "anyone-can-take" outputs, such as

Quote
OP_TRUE
,

or

Quote
OP_HASH256 <hash> OP_EQUAL

face similar level of risks. In case there is a block re-org, a miner may grab these outputs for themselves. Should we also flag any transactions without using ECDSA signature as generated coins?
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Peter Todd
Legendary
*
expert
Offline Offline

Activity: 1120
Merit: 1160


View Profile
July 21, 2013, 04:50:17 PM
Last edit: July 21, 2013, 10:51:11 PM by retep
 #2
Miners can already exploit  transaction malleability to screw up transaction chains so I don't see it as a big issue.  It's really not unlike a double-spend frankly.

Ultimately the 100 block rule is there because even without malice without the rule you're going to get a lot of chaos. Anyway the cost to have the rule isn't a big deal, that's less than a day.

edit: I'll also point out, this isn't specific to non-ECDSA transactions either: 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
BTC: 1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv  PGP: 7FAB114267E4FA04
pc
Sr. Member
****
Offline Offline

Activity: 253
Merit: 250


View Profile
July 23, 2013, 01:28:21 PM
 #3
Yeah, OP_TRUE and the like are the same as a widely-known private key. I don't see what advantage you get from treating them different at the protocol level, though I suppose a smart client could attempt to inform the user if a payment they received was more likely to be attempted to get double-spent than average, but I'm not sure the user would or should do anything different in that case anyway.
jgarzik
Legendary
*
qt
Offline Offline

Activity: 1596
Merit: 1100


View Profile
July 23, 2013, 02:06:59 PM
 #4
Quote from: pc on July 23, 2013, 01:28:21 PM
Yeah, OP_TRUE and the like are the same as a widely-known private key. I don't see what advantage you get from treating them different at the protocol level, though I suppose a smart client could attempt to inform the user if a payment they received was more likely to be attempted to get double-spent than average, but I'm not sure the user would or should do anything different in that case anyway.

No current client will tell the user "hey, I found an anyone-can-spend" nor list that in their balance.

Clients pattern-match output scripts, and only "see" ones with scripts they recognize.

All other transactions are simply invisible without special software to find them and spend them.
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Risk of anyone-can-take output
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!